L’Oréal optimizes the management of security incidents

The entire L’Oréal Group decided to rely on the ServiceNow platform to improve the management of its IT services. The team responsible for managing security incidents hopes to use its cross-functionality to improve communication with other IT teams that interact with it. Therefore, accompanied by Devoteam, the team undertook the replacement of its existing ticket management solution OTRS.

Last fall, in a telephone interview next to the Paris Stock Exchange (Assises la la Sécurité), L’Oréal security analyst Damien Pierson proposed the desire to “promote interaction with the support team” and avoid the use of derivative channels as much as possible , Such as email.

The effect is very good: Since the beginning of 2016, ServiceNow has not hidden its ambitions in the field of security incident and vulnerability management. Damien Pierson emphasized: To a large extent, the management of safety accident orders is similar to the management of production accident orders. There are also specific attributes.

However, the transition from OTRS to ServiceNow requires some development work. At the end of October last year, they have completed, the platform is in the pre-production testing phase. The main work is focused on e-mail processing, which is the main communication channel between the L’Oréal incident response team soliciting sources: for example, it is necessary to automatically retrieve the header content to facilitate work. Analysts”. They also know how to manage discussion topics, or how to get support for existing event classification models, identification of relevant entities, etc. In addition, the use of specific indicators of the L’Oréal team for personalized reports has been added.

But Damien Pierson (Damien Pierson) emphasized that everything is done to “keep the platform as close to the local platform as possible to prevent updates from causing specific development to regress.”

For the platform to demonstrate its full potential, it will have to wait until the entire ServiceNow has been promoted across the entire group. But the expectations are high, because as Damien Pierson pointed out, the incident response team is naturally led to discuss with the system management team, network and even outsourcing partners: “We have the intention to unite everyone around ServiceNow.” There is no need to send emails to these participants to ask them to perform actions, but to assign tasks to them directly in the platform, which can already improve monitoring.

However, further developments are not ruled out, such as integration with security information and event management systems (SIEM). But for now, L’Oréal is making changes to it, and we will have to wait for the stabilization of the tool. In terms of remediation, arrangement is also a subject of reflection on the future.